On 14/6/2011 1:12 πμ, Tom Hendrikx wrote:
On 13/06/11 23:49, Jürgen Obermann wrote:
I admit that fail2ban can stop this attack, but we have solaris and not linux and therefore the actions fail3ban wants to start are not available.
If fail2ban itself can run on your box, then that's the way to go.
I would like to add that, although fail2ban is great and we are using it for a long time, it doesn't support IPv6; now that our servers (we are using CentOS 5.6 x86_64) and networks are IPv6 enabled, this is a problem (but hopefully IPv6-based attacks should not be very common yet). We have not implemented a solution for protecting pop3/imap over IPv6 yet, but I have recently found this article: http://www.roedie.nl/tag/fail2ban/ which suggests autofwd: http://freshmeat.net/projects/autofwd which might provide a good solution. It seems versatile and supports IPv6.
If anybody has done or can do an implementation on Linux (using iptables AND ip6tables) for pop3/imap, pop3s/imaps and share it, it will be most welcome and very useful.
This is a Linux tool, so I can't suggest anything for Solaris or other systems. Nevertheless, finding a solution for Linux is still significant!
Nick